Article
The Relationship Between Forensic Accounting & Cybersecurity
March 15, 2020

Forensic accountants have always been known for helping clients uncover difficult financial truths. They have assisted businesses and the courts for decades in determining and quantifying losses due to fraud or other damaging events.

Cybersecurity professionals, most notably digital forensic and data breach experts, are tasked with following the trail left by hackers and tracing their digital footprint in hopes of identifying the data loss and exposures sustained by an attack.

The combination of this data loss and exposure as well as the potential costs and damages sustained from the breach are where forensic accounting and digital forensics teams are engaged alongside one another.

Fraud happens more than you think. Here’s how a forensic accountant can help you uncover the truth.

The Role of Forensic Accounting in Economic Damages
A forensic accountant’s role in a breach or data loss is to quantify the economic loss or damage associated with the event.

This begins with a review of documents and knowledge both pre-breach and post-breach, including:

  1. Financial Statements, including income statements, balance sheets, cash flow statements, and any budgeted or forecasted financial information.
  2. Interviews with owners and other parties who are knowledgeable of the company.

Different types of damages include:

  • Reputational damage
  • Business interruption to systems and process
  • Loss of business income and sales
  • Direct cost of the breach investigation and notification

Interruption to a system may not always be simple or clear. Take, for example, a breach of an automated assembly line for a manufacturer. A hacker gains access to a specific process operation controlled by a computer and threatens to sabotage the manufacturing process, perhaps even causing it to halt.

Another recent example involved an organization with multiple entities and vendor relationships tied to their business operation. The organization relied heavily on its vendors to fulfill orders in real-time within their network. When the breach occurred, these same vendors were left questioning whether they should continue the relationship with the client. The potential damages included reputational risks and potential service degradation due to vendor relationship strain.

Need help uncovering the facts and identifying financial loss?

The Role of Prevention, Loss Mitigation and Examination
Prevention
Information is valuable. To some degree, all information has a price. Whether hackers are looking to manipulate it, sell it on the black market, steal it or hold it for ransom, the data traveling through our networks is a prime target.

Cybersecurity incident prevention isn’t just something you buy and plug into the network, it is an arsenal of knowledge that organizations grow and nurture into something consistent and effective. While every organization is different, a successful model consistently addresses the following elements:

Organize: Defining purpose, assessing downtime impact, establishing the right people and obtaining the proper policies and procedures establishes a firm foundation for maturing and growing incident response plans.

Prepare: It is important to establish a pattern of preparation, not only so that the organization is ready in the event of an incident, but also to ensure that information systems, networks and applications are secured to standards.

Detect & Analyze: One hundred percent of all major cybersecurity incidents start out as events on a system. Establishing proper reporting channels and identifying common incident information will enhance the defensive playbook’s effectiveness.

Contain, Eradicate and Recover: Ensure the appropriate actions are taken by considering the purpose set forth by the organization’s legal, business and executive stance for containment, eradication and recovery of systems.

Post-Incident Activity: Learn and evolve processes, configurations and documentation to reflect newly learned information and enhance prevention capabilities.

Loss Mitigation
Organizations can become entirely reliant upon a person, group or vendor who can (through either mistakes or malicious intent) make everything appear to be OK. Mistakes and fraud are more common than most think. Boards and executive management need an independent resource to peel back the layers of obscurity and provide an unbiased view into an organization’s technical systems. Cybersecurity and digital forensic professionals can help mitigate losses.

But cybersecurity is more than just an IT issue. Everyone plays a part in preventing or detecting a breach. Having a clear set of policies in place is one of the first steps you can take to prevent and mitigate loss in a cybersecurity breach.

Leadership should promote strong cybersecurity practices and ensure that activities like the following are addressed on an ongoing basis:

  • Security awareness training
  • Vendor management
  • Event detection and response
  • Incident and contingency planning

Policies should include employee and customer best security practices while using social media and email.

  • Personal social media accounts (Facebook, Google, Twitter) should be locked down with maximum privacy settings applied to prevent open access to personally identifiable information such as birthdates, location, activities etc.
  • Check with the sender before opening an attachment, even if the email appears to be from another employee or trusted source.
  • Do not send confidential data, such as credit card data, customer names, email addresses and social security numbers through non-encrypted transfer methods. For example, don’t perform online mobile banking over public Wi-Fi networks.

A key to mitigating risk and loss when it comes to cybersecurity events (and their ensuing economic damages) is education. One of the best ways to be educated on your specific needs is to test your preparedness and capabilities with tabletop training exercises. Using your digital forensics incident response (DFIR) teams to conduct the exercises will help you see in action what works for you and what does not. This gives you the educated knowledge to make well-informed decisions while you have time, not in the middle of a real incident when your priority is focused on other pressing risks and threats to your organization.

Having an organization that promotes and actively engages in improving cybersecurity is priceless. It naturally helps generate awareness by keeping the topic in the forefront of employees’ minds. Along with support for your efforts should be the ability to spread knowledge about what exactly the organization is supporting. This includes training for your everyday users on how to spot cybersecurity threats, such as phishing emails with false senders, disguised links and others.

Additionally, your organization should provide training for administrative personnel on how to respond to the latest cybersecurity threats. Updates on the cybersecurity health of the organization are also important, including the number of events vs. incidents vs. breaches encountered. This training should be packaged with all new hire training items and be a routine feature of your organization’s continued learning. This will aid in keeping everyone up to date on the latest schemes and issues to look out for.

Examination
Having a reliable set of experienced personnel on hand or a call away is invaluable to a cybersecurity plan. It alleviates pressure on other less-experienced members of the organization and provides legal precedent if notifications to clients are necessary.

A third-party professional review can be extremely useful when a breach of security is concerned. This is especially the case if your organization is small and does not have all the tools and resources available to handle an incident response. Contractors could be contacted on a per incident basis and may even be backed by insurance companies.

The Role of Forensic Accounting and Cybersecurity
As much of our world turns digital, and more information is available at our fingertips, it’s important to consider the cost of a cybersecurity breach. The potential damages and loss to an organization can be devastating. The use of a third-party professional, such as a forensic accountant, can help organizations uncover what is lost and quantify the economic damages associated with a cybersecurity breach. Taking steps to plan ahead and mitigate risk before an incident occurs can pay off greatly in the future.

Find exactly how much your damage is worth.

We're Here to Help

We are here to help
From business growth to compliance and digital optimization, Eide Bailly is here to help you thrive and embrace opportunity.
Speak to our specialists